| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 14 Mar 2017 11:10:12 -0500
From: "Li, Yi" <yi1.li@...ux.intel.com>
To: matthew.gerlach@...ux.intel.com
Cc: ming.lei@...onical.com, mcgrof@...nel.org,
gregkh@...uxfoundation.org, atull@...nsource.altera.com,
moritz.fischer@...us.com, linux-kernel@...r.kernel.org,
linux-fpga@...r.kernel.org
Subject: Re: [RFC 1/2] firmware class: Add stream_firmware API.
hi Matthew,
On 3/13/2017 4:09 PM, matthew.gerlach@...ux.intel.com wrote:
>
>
> On Fri, 10 Mar 2017, Li, Yi wrote:
>
>> Hi Matthew
>>
> Hi Yi,
>
>
>>
>> On 3/10/2017 11:44 AM, matthew.gerlach@...ux.intel.com wrote:
>>>
>>>
>>> On Thu, 9 Mar 2017, yi1.li@...ux.intel.com wrote:
>>>
>>>> From: Yi Li <yi1.li@...ux.intel.com>
>>>
>>>
>>> Hi Yi,
>>>
>>> Just one question below.
>>>
>>> Matthew Gerlach
>>>
>>>
>>>> Add function to load firmware in multiple chucks instead of
>>>>
>>>> loading the whole big firmware file at once.
>>>>
>>>> Signed-off-by: Yi Li <yi1.li@...ux.intel.com>
>>>> ---
>>>> drivers/base/firmware_class.c | 128
>>>> ++++++++++++++++++++++++++++++++++++++++++
>>>> include/linux/firmware.h | 2 +
>>>> 2 files changed, 130 insertions(+)
>>>>
>>>> diff --git a/drivers/base/firmware_class.c
>>>> b/drivers/base/firmware_class.c
>>>> index ac350c5..44fddff 100644
>>>> --- a/drivers/base/firmware_class.c
>>>> +++ b/drivers/base/firmware_class.c
>>>> @@ -436,6 +436,62 @@ fw_get_filesystem_firmware(struct device
>>>> *device, struct firmware_buf *buf)
>>>> return rc;
>>>> }
>>>>
>>>> +static int
>>>> +fw_stream_filesystem_firmware(struct device *device, struct
>>>> firmware_buf *buf,
>>>> + size_t offset, size_t length)
>>>> +{
>>>> + int i, len;
>>>> + char *path;
>>>> + int rc = 0;
>>>> + struct file *file;
>>>> +
>>>> + buf->size = 0;
>>>> +
>>>> + path = __getname();
>>>> + if (!path)
>>>> + return -ENOMEM;
>>>> +
>>>> + for (i = 0; i < ARRAY_SIZE(fw_path); i++) {
>>>> + /* skip the unset customized path */
>>>> + if (!fw_path[i][0])
>>>> + continue;
>>>> +
>>>> + len = snprintf(path, PATH_MAX, "%s/%s",
>>>> + fw_path[i], buf->fw_id);
>>>
>>> I'm probably being paranoid, but is it safe to assume the length of
>>> the buffer returned by __getname() is at least PATH_MAX? It seems like
>>> the length should be pagesize.
>>
>> The size should be the maximum number of char of the string be
>> produced, not the input size.
>> According to
>> https://www.gnu.org/software/libc/manual/html_node/Formatted-Output-Functions.html
>> Function:/int/*snprintf*/(char *s, size_tsize, const char *template, …)
>> /The|snprintf|function is similar to|sprintf|, except that
>> thesizeargument specifies the maximum number of characters to
>> produce. The trailing null character is counted towards this limit,
>> so you should allocate at leastsizecharacters for the strings.
>> Ifsizeis zero, nothing, not even the null byte, shall be written
>> andsmay be a null pointer.
>> The return value is the number of characters which would be generated
>> for the given input, excluding the trailing null. If this value is
>> greater than or equal tosize, not all characters from the result have
>> been stored ins
>>
>
> I am familiar with the functionality of snprintf versus sprintf. In the
> snprintf call above, you are saying that memory pointed to by the
> variable path, has at least PATH_MAX number of bytes. My question is
> how can you know that the memory returned by __getname() has PATH_MAX
> number of bytes?
>
>
Ah, now I understand the concerns.
The __getname() will allocate an buffer object from names_cachep
extern struct kmem_cache
<http://lxr.free-electrons.com/ident?i=kmem_cache> *names_cachep
<http://lxr.free-electrons.com/ident?i=names_cachep>;
#define __getname <http://lxr.free-electrons.com/ident?i=__getname>()
kmem_cache_alloc
<http://lxr.free-electrons.com/ident?i=kmem_cache_alloc>(names_cachep
<http://lxr.free-electrons.com/ident?i=names_cachep>, GFP_KERNEL
<http://lxr.free-electrons.com/ident?i=GFP_KERNEL>)
names_cachep is created in fs/dcaches.c vfs_caches_init function with
object size equal to PATH_MAX.
names_cachep <http://lxr.free-electrons.com/ident?i=names_cachep> =
kmem_cache_create
<http://lxr.free-electrons.com/ident?i=kmem_cache_create>(/"names_cache"/,
PATH_MAX <http://lxr.free-electrons.com/ident?i=PATH_MAX>,
0,SLAB_HWCACHE_ALIGN
<http://lxr.free-electrons.com/ident?i=SLAB_HWCACHE_ALIGN>|SLAB_PANIC
<http://lxr.free-electrons.com/ident?i=SLAB_PANIC>, NULL
<http://lxr.free-electrons.com/ident?i=NULL>);
so __getname() should allocate buffer with size of PATH_MAX.
The code is borrowed from fw_get_filesystem_firmware function, which
should be reviewed and safe to use. :)
Thanks,
Yi
>>>
>>>> + if (len >= PATH_MAX) {
>>>> + rc = -ENAMETOOLONG;
>>>> + break;
>>>> + }
>>>> +
>>>> + if (!path || !*path)
>>>> + continue;
>>>> +
>>>> + if (!buf->data) {
>>>> + buf->data = vmalloc(length);
>>>> + if (!buf->data) {
>>>> + rc = -ENOMEM;
>>>> + break;
>>>> + }
>>>> + }
>>>> +
>>>> + file = filp_open(path, O_RDONLY, 0);
>>>> + if (IS_ERR(file))
>>>> + continue;
>>>> +
>>>> + buf->size = kernel_read(file, offset, (char *) buf->data,
>>>> + length);
>>>> + fput(file);
>>>> + break;
>>>> + }
>>>> +
>>>> + __putname(path);
>>>> +
>>>> + if (rc)
>>>> + dev_err(device, "loading %s failed with error %d\n",
>>>> + path, rc);
>>>> + return rc;
>>>> +}
>>>> +
>>>> /* firmware holds the ownership of pages */
>>>> static void firmware_free_data(const struct firmware *fw)
>>>> {
>>>> @@ -1267,6 +1323,78 @@ request_firmware(const struct firmware
>>>> **firmware_p, const char *name,
>>>> }
>>>> EXPORT_SYMBOL(request_firmware);
>>>>
>>>> +static int
>>>> +_stream_firmware(const struct firmware **firmware_p, const char
>>>> *name,
>>>> + struct device *device, void *buf, size_t size,
>>>> + unsigned int opt_flags, size_t offset, size_t length)
>>>> +{
>>>> + int ret;
>>>> + struct firmware *fw = NULL;
>>>> + struct firmware_buf *fbuf;
>>>> +
>>>> + if ((!firmware_p) || (!name || name[0] == '\0')) {
>>>> + dev_err(device, "invalid firmware pointer or file name\n");
>>>> + return -EINVAL;
>>>> + }
>>>> +
>>>> + if (!*firmware_p) {
>>>> + ret = _request_firmware_prepare(&fw, name, device, buf,
>>>> size);
>>>> + if (ret <= 0) {
>>>> + dev_err(device, "%s: _request_firmware_prepare failed
>>>> %d\n",
>>>> + __func__, ret);
>>>> + }
>>>> + } else {
>>>> + fw = (struct firmware *) *firmware_p;
>>>> + }
>>>> +
>>>> + fbuf = (struct firmware_buf *) fw->priv;
>>>> + ret = fw_stream_filesystem_firmware(device, fbuf, offset,
>>>> length);
>>>> + fw->size = fbuf->size;
>>>> + fw->data = fbuf->data;
>>>> + *firmware_p = fw;
>>>> +
>>>> + if (ret)
>>>> + dev_err(device, "streaming with error %d\n", ret);
>>>> + return ret;
>>>> +}
>>>> +
>>>> +/**
>>>> + * stream_firmware: - send firmware request and wait for it
>>>> + * @firmware_p: pointer to firmware image
>>>> + * @name: name of firmware file
>>>> + * @device: device for which firmware is being loaded
>>>> + * @offset: offset of the file to read from
>>>> + * @length: length in bytes to read
>>>> + *
>>>> + * @firmware_p will be used to return a firmware image by the
>>>> name
>>>> + * of @name for device @device.
>>>> + *
>>>> + * Should be called from user context where sleeping is allowed.
>>>> + *
>>>> + * @name will be used as $FIRMWARE in the uevent environment and
>>>> + * should be distinctive enough not to be confused with any
>>>> other
>>>> + * firmware image for this or any other device.
>>>> + *
>>>> + * Caller must hold the reference count of @device.
>>>> + *
>>>> + * The function can be called safely inside device's suspend and
>>>> + * resume callback.
>>>> + **/
>>>> +int
>>>> +stream_firmware(const struct firmware **firmware_p, const char *name,
>>>> + struct device *device, size_t offset, size_t length)
>>>> +{
>>>> + size_t ret;
>>>> +
>>>> + /* Need to pin this module until return */
>>>> + __module_get(THIS_MODULE);
>>>> + ret = _stream_firmware(firmware_p, name, device, NULL, 0,
>>>> + FW_OPT_UEVENT | FW_OPT_NO_WARN, offset, length);
>>>> + module_put(THIS_MODULE);
>>>> + return ret;
>>>> +}
>>>> +EXPORT_SYMBOL(stream_firmware);
>>>> +
>>>> /**
>>>> * request_firmware_direct: - load firmware directly without
>>>> usermode helper
>>>> * @firmware_p: pointer to firmware image
>>>> diff --git a/include/linux/firmware.h b/include/linux/firmware.h
>>>> index b1f9f0c..accd7f6 100644
>>>> --- a/include/linux/firmware.h
>>>> +++ b/include/linux/firmware.h
>>>> @@ -41,6 +41,8 @@ struct builtin_fw {
>>>> #if defined(CONFIG_FW_LOADER) || (defined(CONFIG_FW_LOADER_MODULE)
>>>> && defined(MODULE))
>>>> int request_firmware(const struct firmware **fw, const char *name,
>>>> struct device *device);
>>>> +int stream_firmware(const struct firmware **fw, const char *name,
>>>> + struct device *device, size_t offset, size_t length);
>>>> int request_firmware_nowait(
>>>> struct module *module, bool uevent,
>>>> const char *name, struct device *device, gfp_t gfp, void *context,
>>>> --
>>>> 2.7.4
>>>>
>>>> --
>>>> To unsubscribe from this list: send the line "unsubscribe
>>>> linux-fpga" in
>>>> the body of a message to majordomo@...r.kernel.org
>>>> More majordomo info at http://vger.kernel.org/majordomo-info.html
>>>>
>>
>> --
>> To unsubscribe from this list: send the line "unsubscribe linux-fpga" in
>> the body of a message to majordomo@...r.kernel.org
>> More majordomo info at http://vger.kernel.org/majordomo-info.html
>>
Powered by blists - more mailing lists